365 Conditional Access policy applied when it shouldn't I've just had something very odd happen that I simply don't understand. I have a CA policy that applies to a specific group of domain users that blocks sign-in to all cloud apps from all locations except a trusted set of IP addresses. This has been in report only mode for some weeks with very few hits so today we set it to enabled. I do this whilst signed in as Global Admin using a 100% cloud account and in an Incognito window. I found almost immediately after enabling the policy I was getting "you don't have permissions" errors on the Conditional Access part of the Entra admin center. I closed all Incognito windows and signed in again and when I went into Entra the Conditional Access tab wasn't even there down the left hand side. I then signed in with another Global Admin account that is 100% cloud and managed to set the policy back to report only.…